After a recent internal audit, the security administrator was tasked to ensure that all credentials must be
changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All
credentials will remain enabled regardless of the number of attempts made. Which of the following types of
user account options were enforced? (Choose two.)

A.
Recovery

B.
User assigned privileges

C.
Lockout

D.
Disablement

E.
Group based privileges

F.
Password expiration

G.
Password complexity

Explanation:
Password complexity often requires the use of a minimum of three out of four standard character types for a
password. The more characters in a password that includes some character type complexity, the more resistant
it is to password-cracking techniques. In most cases, passwords are set to expire every 90 days.